
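A Trusted Third Party Cross-Domain Authentication Model Based on Trust Lists
Cite this article: YAN Hai-long, YU Jian-ping, HU Qiang, FENG Ji-qiang. A Trusted Third Party Cross-Domain Authentication Model Based on Trust Lists[J]. Signal Processing, 2012, 28(9): 1278-1283
Authors: YAN Hai-long, YU Jian-ping, HU Qiang, FENG Ji-qiang
Affiliation: ATR Key Laboratory of National Defense Technology, Shenzhen University
Funding: National Natural Science Foundation of China (61171072, 11101292)
Abstract: At present, 31 third-party certification authorities (CAs) in China hold an electronic certification service license, and the need for trust and verification across CAs is increasingly urgent. To address this problem, a trusted third party cross-domain authentication model based on trust lists is proposed. Relying on security services such as digital certificates provided by public key infrastructure (PKI), the model introduces a new trust mechanism to better manage and control the list of trusted root certificates; it avoids many shortcomings of the traditional trust list model while effectively achieving mutual trust and mutual recognition among multiple CAs. To support practical operation of this cross-trust-domain model, a corresponding workflow and multi-CA authentication scheme are designed, a multi-CA application support module is developed, and the key technical issues involved are discussed in detail. Analysis shows that the model allows application systems to flexibly and dynamically accommodate digital certificates issued by different CAs, and that it has clear advantages in authentication efficiency, security, practicality and application retrofitting.

Keywords: trust list; trusted third party; cross-domain authentication; multi-CA
Received: 2012-03-08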

A Trusted Third Party Inter-Domain Authentication Model Based on Trust Lists
YAN Hai-long, YU Jian-ping, HU Qiang, FENG Ji-qiang. A Trusted Third Party Inter-Domain Authentication Model Based on Trust Lists[J]. Signal Processing(China), 2012, 28(9): 1278-1283
Authors:YAN Hai-long    YU Jian-ping    HU Qiang    FENG Ji-qiang
Affiliation:ATR Key Laboratory of National Defense Technology, Shenzhen University
Abstract: At present, thirty-one third-party certification authorities (CAs) hold a license for electronic certification services in China, and trust and verification schemes between CAs are becoming increasingly urgent. A trusted third party inter-domain authentication model based on trust lists is proposed to solve this problem. To overcome the shortcomings of the traditional trust list model, the proposed model uses the digital certificate security services provided by public key infrastructure and better manages and controls the trusted root certificate lists through a new trust mechanism. Furthermore, the proposed model can effectively realize multi-CA mutual trust and mutual recognition. We design the workflow and multi-CA authentication scheme, develop the supporting system for practical realization of multi-CA mutual trust and mutual recognition, and present the key techniques in detail. Analysis shows that the proposed model lets application systems dynamically accommodate digital certificates issued by different certification authorities, and that it has clear advantages in authentication efficiency, security, practicability, application retrofitting, and so on.
This article is indexed in CNKI, Wanfang Data and other databases.